...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| ISO/IEC TR 24772 | Privilege Sandbox Issues [XYO] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-250, Execution with unnecessary privileges | 2017-07-07: CERT: Rule subset of CWE |
| MITRE CWE | CWE-696, Incorrect behavior order | 2017-07-07: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
CWE-696 and POS36-C
CWE-696 = Union(POS36-C, list) where list =
- Misordered executions besides dropping group privileges before dropping user privileges
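As an added illustration of the ordering this rule requires (example code written for this page, not taken from the CERT standard; the helper names are mine, and the stand-alone demo re-asserts the caller's own IDs so it runs without root):

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Verify that real and effective IDs are what was requested and that
 * root cannot be regained. Returns 0 if the drop is complete. */
int verify_dropped(uid_t uid, gid_t gid) {
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        return -1;
    }
    /* Once unprivileged, an attempt to become root must fail. */
    if (uid != 0 && setuid(0) != -1) {
        return -1;
    }
    return 0;
}

/* Relinquish privileges in the order POS36-C requires:
 * supplementary groups, then the group ID, then the user ID.
 * Calling setuid() first is the CWE-696 misordering: once the UID is
 * unprivileged, setgid() to a different group fails with EPERM and the
 * process silently keeps its privileged group. Returns 0 or -1. */
int drop_privileges(uid_t new_uid, gid_t new_gid) {
    /* setgroups() itself needs privilege, so only call it while root. */
    if (geteuid() == 0 && setgroups(0, NULL) == -1) {
        return -1;
    }
    if (setgid(new_gid) == -1) {   /* group before user */
        return -1;
    }
    if (setuid(new_uid) == -1) {   /* user last */
        return -1;
    }
    return verify_dropped(new_uid, new_gid);
}

int main(void) {
    /* Demo: an unprivileged process re-asserting its own IDs exercises
     * the same call order without needing a setuid binary. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    puts("privileges dropped in the correct order");
    return 0;
}
```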
...